setup.exe

Media converter

Conversionads

The application setup.exe, “Media converter Setup” by Conversionads, has been detected as adware by 25 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs.
Publisher:
Conversionads  (signed and verified)

Product:
Media converter

Description:
Media converter Setup

MD5:
0d8f4c566071ffc011f4e06fecd678bd

SHA-1:
0b7288e7c1227023f5ff43feb93f549bfef1ffed

SHA-256:
bd93c86e6628d861875b2ae29d94c8cdee20e6a2b83966bf64a9d89c5cd234a3

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/16/2024 11:05:30 AM UTC

Scan engine             Detection                             Engine version
Lavasoft Ad-Aware       Adware.Agent.NNP                      803
Avira AntiVirus         Adware/OutBrowse.B                    7.11.102.160
avast!                  NSIS:AddLyrics-Q [Adw]                2014.9-141123
AVG                     Agent.F                               2015.0.3281
Bkav FE                 W32.Clod7ef.Trojan                    1.3.0.4562
Comodo Security         ApplicUnwnt                           16946
Dr.Web                  Trojan.AVKill.29660                   9.0.1.0327
Emsisoft Anti-Malware   Trojan.Win32.OutBrowse.AMN            8.14.11.23.11
ESET NOD32              Win32/Toolbar.Zugo                    8.8805
Fortinet FortiGate      W32/OutBrowse.C                       11/23/2014
F-Prot                  W32/AddLyrics.A                       v6.4.7.1.166
F-Secure                Adware.Agent.NNP                      11.2014-23-11_1
G Data                  NSIS:AddLyrics-G                      14.11.22
K7 AntiVirus            Unwanted-Program                      13.172.9570
Kaspersky               HEUR:Trojan-Downloader.Win32.Generic  14.0.0.2900
McAfee                  Artemis!0D8F4C566071                  5600.6937
MicroWorld eScan        Win32/OutBrowse.C                     15.0.0.981
NANO AntiVirus          Trojan.Win32.AVKill.bnzlyi            0.26.0.54404
Norman                  Suspicious_Gen4.ETXBS                 11.20141123
Reason Heuristics       PUP.Installer.Conversionads.F         14.11.23.23
Sophos                  Conversion Ads                        4.91
Trend Micro House Call  TROJ_GEN.RCBH1AH                      7.2.327
Trend Micro             TROJ_SPNR.0CB713                      10.465.23
Vba32 AntiVirus         suspected of Trojan.Downloader.gen.h  3.12.24.2
VIPRE Antivirus         Trojan.Win32.Generic                  21520

File size:
12.7 MB (13,309,856 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/30/2012 8:00:00 AM

Valid to:
5/31/2013 7:59:59 AM

Subject:
CN=Conversionads, O=Conversionads, STREET=Am Weinberg 5, L=Neubeuern, S=Neubeuern, PostalCode=83115, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F87F8F45F7BF3EBF80C41AFC59A6916A

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:qi4d7iA7qS7pB0bS27bkW88AZK4ENgGyahxuv:qLd7Z+Ssbb8K35hxq

Entry address:
0x9C18

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, AE, 94, FF, FF, E8, B5, A6, FF, FF, E8, 44, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, D4, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 9D, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 5A, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...

Entropy:
7.9998

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)
